<?php   
function show_form()
{
  $error_str='';
  if (count($_POST))
  {
    $error_str=check_form();
    if (strlen($error_str)==0) add_user();
  }
  $tips='注册用户,黄色为必填,如申请管理员请全部填写';
  if (strlen($error_str)>0) $tips=$error_str;
  //预防xxs
 @$post['id']=htmlspecialchars($_POST['id']);
 @$post['realname']=htmlspecialchars($_POST['realname']);
 @$post['nickname']=htmlspecialchars($_POST['nickname']);
 @$post['password']=htmlspecialchars($_POST['password']);
 @$post['repassword']=htmlspecialchars($_POST['repassword']);
 @$post['idcard']=htmlspecialchars($_POST['idcard']);
 @$post['email']=htmlspecialchars($_POST['email']);
 @$post['qq']=htmlspecialchars($_POST['qq']);
 @$post['tel']=htmlspecialchars($_POST['tel']);
 @$post['content']=htmlspecialchars($_POST['content']);
  echo<<<ZZZ

  <div class="modal-header">
        <h3>{$tips}</h3>
  </div>
  <div class="row">
    <div class="span6 offset2">
        <form method="post" action="register.php" id="reg_form" class="">
        <div class="control-group warning">
          <label  class="control-label " for="id">学号: </label>
          <div class="controls">
            <input type="text" name="id" id="id" maxlength=10 autofocus="autofocus" value="{$post['id']}" placeholder="请填写内容:" />
          </div>
        </div>

        <div class="control-group warning">
          <label  class="control-label" for="realname">姓名: </label>
          <div class="controls">
            <input type="text" name="realname" id="realname" value="{$post['realname']}" maxlength=5 placeholder="请填写内容" />
          </div>
        </div>

        <div class="control-group">
          <label  class="control-label" for="rusername">昵称: </label>
          <div class="controls">
            <input type="text" name="nickname" id="rusername" value="{$post['nickname']}" maxlength=10 placeholder="" />
          </div>
        </div>

        <div class="control-group warning">
          <label class="control-label" for="rpassword">密码: </label>
          <div class="controls">
            <input type="password" name="password" value="{$post['password']}" id="rpassword" maxlength=18 placeholder="请填写密码" />
          </div>
        </div>
        <div class="control-group warning">
          <label  class="control-label" for="rrpassword">确认密码: </label>
          <div class="controls">
            <input type="password" name="repassword" value="{$post['repassword']}" id="rrpassword" maxlength=18 placeholder="请填写密码" />
          </div>
        </div>
        <div class="control-group warning">
          <label  class="control-label" for="idcard">身份证号: </label>
          <div class="controls">
            <input type="text" name="idcard" id="idcard" value="{$post['idcard']}" placeholder="用来验证你的身份" maxlength=18 />
          </div>
        </div>
        <div class="control-group">
          <label  class="control-label" for="email">电子邮件: </label>
          <div class="controls">
            <input type="text" name="email" id="email" value="{$post['email']}" placeholder="用来显示你的Gravatar头像" maxlength=30  value=""/>
          </div>
        </div>
        <div class="control-group">
          <label  class="control-label" for="qq">QQ: </label>
          <div class="controls">
            <input type="text" name="qq" id="qq" value="{$post['qq']}" placeholder="" maxlength=11 />
          </div>
        </div>

        <div class="control-group">
          <label  class="control-label" for="tel">手机号码: </label>
          <div class="controls">
            <input type="text" name="tel" id="tel" value="{$post['tel']}" placeholder="" maxlength=11 />
          </div>
        </div>

        <div class="control-group">
              <label class="control-label" for="textarea">个人说明:</label>
              <div class="controls">
                <textarea name="content"  class="input-xlarge" id="textarea" rows="3" placeholder="申请管理员请填写班级职务申请理由等.">{$post['content']}</textarea>
              </div>
        </div>

          <span id="msgbox" style="display:none"></span>
          <input class="btn btn-primary" type="submit" name="name" value="提交" />
     </form>

    </div>
  </div>
  
ZZZ;


}


function check_form()
{
  if (!is_numeric($_POST['id'])) return "学号非法!";
  if (strlen($_POST['id'])<4) return "学号非法2!";
  if (strlen($_POST['realname'])>15) return "姓名长度超出限制!";
  if (strlen($_POST['realname'])<6) return "姓名长度太短!";
  if (strlen($_POST['nickname'])>10) return "昵称长度超出限制!";
  if (strlen($_POST['nickname'])<6 && strlen($_POST['nickname'])>0) return "昵称长度太短!";
  if (strlen($_POST['password'])>18) return "密码长度超出限制!";
  if (strlen($_POST['repassword'])>18) return "密码长度超出限制!";
  if (strlen($_POST['password'])<5) return "密码长度太短!";
  if (strlen($_POST['repassword'])<5) return "密码长度太短!";
  if ($_POST['password']!=$_POST['repassword']) return "两次输入的密码不相同!";
  if (strlen($_POST['idcard'])!=18) return "身份证格式错误!";
  if (strlen($_POST['email'])>0 && !is_email($_POST['email'])) return "email格式错误!";
  if (strlen($_POST['qq'])>0 && !is_qq($_POST['qq'])) return "QQ格式错误!";
  if (strlen($_POST['tel'])>0 && !is_qq($_POST['tel'])) return "手机号码格式错误!";
  if (!net_check_idcard($_POST['id'],$_POST['idcard'],$_POST['realname'])) return "学号,姓名,身份证不匹配!";
  return '';
}

function is_email($email){ 
  if(strstr($email, '@') && strstr($email, '.')){ 
  if(preg_match("^([_a-z0-9]+([._a-z0-9-]+)*)@([a-z0-9]{2,}(.[a-z0-9-]{2,})*.[a-z]{2,3})$^", $email))
  return true;
  return false;
  } 
  return false; 
}
function is_qq($str)
{
  if(!is_numeric($str)) return false;
  if (strlen($str)>11 || strlen($str)<5) return false;
  return true;
}

function net_check_idcard($id,$idcard,$realname)
{
  settype($id, 'string');
  if ($id[2]=='5') $s= file_get_contents("http://211.67.208.67/xxjw/xscjcx.jsp?yzbh=$id");
  else $s= file_get_contents("http://211.67.208.69/kdjw/xscjcx.jsp?yzbh=$id");
  if (strlen($s)==0) return 0;
  $s2=stripos($s,$realname);
  $s4=stripos($s,$id);
  $s6=stripos($s,$idcard);
  $s1=stripos($s,'姓名');
  if(substr($s,$s2+strlen($realname),1)!='<') return 0;
  $s3=stripos($s,'学号');
  $s5=stripos($s,'身份证号');
  //echo "$s1,$s2,$s3,$s4,$s5,$s6";
  if($s1<$s2&&$s2<$s3&&$s3<$s4&&$s4<$s5&&$s5<$s6) return 1;
  return 0;
}

function add_user()
{
  global $pdo;
  //这个函数不判断用户名是否已经存在,作为重置密码使用.可能存在风险
  $result=$pdo->prepare('DELETE FROM `jiaoshiguanlixitong`.`user` WHERE `user`.`id` = ?');
  $result->execute(array($_POST['id']));
  $result=$pdo->prepare('INSERT INTO `jiaoshiguanlixitong`.`user` (`id`, `nickname`, `realname`, `permission`, `password`, `idcard`, `email`, `qq`, `tel`, `introduction`, `lastlogintime`) VALUES (?, ?, ?, \'guest\', ?, ?, ?, ?, ?, ?, NOW());');
  if($result->execute(array($_POST['id'],$_POST['nickname'],$_POST['realname'],$_POST['password'],$_POST['idcard'],$_POST['email'],$_POST['qq'],$_POST['tel'],$_POST['content'])))
  {
    $sql="SELECT * FROM `user` WHERE id =? ";
    $result=$pdo->prepare($sql);
    $result->execute(array($_POST['id']));
    if($row = $result->fetch())
    {
      session_regenerate_id ();
      $_SESSION['is_login']=1;
      $_SESSION['nickname']=$row['nickname'];
      $_SESSION['realname']=$row['realname'];
      $_SESSION['permission']=$row['permission'];
      $_SESSION['nickname']=$row['nickname'];
      $_SESSION['email']=$row['nickname'];
      $sql='UPDATE `jiaoshiguanlixitong`.`user` SET `lastlogintime` = NOW( ) ,`logincount` =`logincount`+1 WHERE `user`.`id` =? LIMIT 1 ';
      $result=$pdo->prepare($sql);
      $result->execute(array($_POST['id']));
      echo "<script> alert('注册成功!'); window.location.href='index.php'</script>";
    }
    echo "出现未知错误";
  }

}


?>
